Yesterday I moderated a panel at OSBC with three very sharp IT folks, Julien Lambert from Shimano, David Rossellat of EA and David Johnson from the LA Times. The topic was about the “Real Benefits of Open Source.” All three organizations are widely using open source but mostly throughout their infrastructure and only for a few applications. One interesting data point is that they each said that open source is now considered for every IT purchasing decision. They may choose a proprietary application if the fit is better but open source is considered every time. Towards the end of the panel we got into governance and licensing and IP compliance. Interestingly enough, most of the organizations had a developer driven governance model and it was self-policing. In two of the cases the IT managers were the ones educating the lawyers. Not sure if that’s a successful long term risk mitigation strategy?
The panel caused me to reflect on our own experience with dozens of firms and helping them develop their IP licensing, compliance and risk management programs and the origination of the awareness of need for a policy. I think we can safely say there is a correlation between the size of the entity and how the need for open source governance is discovered and driven. In our experience the SMB market is more practical and needs based. That is, open source must solve an immediate pain cost effectively and with little overhead. As it proliferates throughout the organization it still primarily remains an IT phenomenon and doesn’t get raised to the level of legal department in these mid-sized organizations. IT managers in these companies tend to be more self-sufficient and hands on and develop governance policies only as issues arises. Which tend to me more from a technology management perspective than IP and risk management. In other words, “We’re using lots of open source now, we need to figure out how and where it fits, and how to manage and support it. Oh, and it’s under a variety of licenses, we should track those.” This contrasts sharply with how we see this issue addressed at large enterprises. I’ll discuss that topic in my blog next week.